Information Security Policy
|
|
- Barnard Johnston
- 7 years ago
- Views:
Transcription
1 Simacan B.V. Information Security Policy 2015 Document Security Classification Document Reference Code Public ISMS-0007 Document Version Number 2 Document Draft Number 1 Document Author Document Owner Ruggero Montalto Simacan B.V.
2 Table of contents 1. Introduction 2. Information Security Policy 2.1. Scope 2.2. Information Security Objectives 2.3. Information Security Principles 2.4. Responsibilities 2.5. Key Outcomes 2.6. Related Policies 3. Privacy Policy for Employees 4. Privacy Policy for Clients 5. Acceptance 6. Document Revision History 7. Document Review 8. Document Distribution 9. Document Approval 2
3 1. Introduction Information should always be protected, whatever its form and however it is shared, communicated or stored. Simacan has many critical information assets which are crucial in conducting business, maintaining clients' trust, and keeping the future of the company strong. The present policy outlines Simacan's commitments to its employees, its clients, and its suppliers, regarding how all business-critical information assets will be handled by Simacan. Information can be sensitive by its nature, and can also be sensitive due to regulations and industry standards. Sensitive information can include: clients' information, financial information, business records and planning materials, copyrighted materials, both which Simacan creates and those which Simacan obtains under license from others, company patents, business plans, and several other types of intellectual property. Information may reside on Simacan's computing (cloud) systems, online and offline, it may traverse the networks, be on paper, or even be in people s minds. All these locations must be properly controlled. The rules by which information is handled are determined by laws and regulations, business requirements, and the commitments Simacan undergoes with its clients and employees. Every Simacan employee, every client, every supplier, must be aware of the significance of the information being handled, and ensure that proper controls are applied to prevent unauthorized disclosure, loss or lack of accessibility to the information. This Information Protection policy is a part of the overall security and privacy effort carried out by Simacan. Other policies and controls may also apply, these are available in the Handbook of Information Security and on the company s backoffice. Penalties for violating these policies may include disciplinary actions up to termination of employment, or termination of the business relationship with Simacan. Simacan relies upon employees, clients, and suppliers to properly develop, maintain, and operate its systems, networks, and processes which keep sensitive information safe and properly used. This means that every person and organization handling Simacan's information has the responsibility to keep the information safe, no matter where the information is located. This includes computing systems, networks, paper copies, business processes, and verbal transmission of information. 3
4 2. Information Security Policy 2.1. Scope This policy supports Simacan s general security policy and applies to all of the organization as well as to external parties who are stakeholders in the activities of Simacan s Information Security Management System. Simacan will meet all applicable requirements in properly protecting the information, including laws, regulations, industry standards, and contractual commitments with employees, clients, and suppliers Information Security Objectives Ensure the continuous improvement of the Simacan product lifecycle procedures. Create awareness about risk governance and security control effectiveness. Preserve good information security practices already in place. Increase the market value and prominence of the Simacan Control Tower Information Security Principles 1. Simacan tolerates risks that might not be tolerated in conservatively managed organizations, provided that information risks are understood, monitored, and treated when necessary. 2. All Simacan employees will be made aware and accountable for information security as relevant aspect of their job-role. 3. Provisions will be made for funding information security controls in operational and project management processes. 4. The possibility of dangerous, abusive, or malicious use associated with information systems will be taken into account in the overall management of information systems. 5. Information security status reports will be available. 6. Information security risks will be monitored and action taken when changes result in risks that are not acceptable. 7. Systematic criteria for risk classification and risk acceptability will be adopted in Simacan's ISMS. 8. Situations that could place the organization in breach of laws and statutory regulations will not be tolerated and will always result in immediate action towards a solution Responsibilities 1. Simacan s Top Management is responsible for ensuring that information security is adequately addressed throughout the organization. 2. CEO, CTO, and CPO are responsible for ensuring that all people working under their control protect information in accordance with the policies, the procedures, and the standards embraced by Simacan. 3. CISO advises Top Management concerning information security related matters, provides support and training for the employees, and ensures that information security status reports are available. 4. Every Simacan employee undergoes information security responsibilities as part of their employment contract with Simacan Key Outcomes 1. Concerns about information security will not adversely affect the client s 4
5 acceptance of Simacan s products. 2. Information security incidents will not result in serious disruptions of service for the clients or business activities for Simacan. 3. Information security incidents will not result in serious unexpected costs. 4. Losses will be known and will be kept within acceptable bounds. 5. Continual improvement of the information security management system Related Policies The protections Simacan applies to information assets will be in proportion to the value and sensitivity of the information, and will balance the sensitivity of the information against the impact of the controls on the effectiveness of business operations and the risks of disclosure, modification, destruction, or unauthorized use of the information. Simacan will protect all types of sensitive information, and will ensure that these controls are accepted by all employees, clients, suppliers, service providers, representatives and associates of our company who may have access to our information. This includes ensuring that all personnel at all levels are aware of, and are held accountable for safeguarding information assets. Simacan will ensure that access to information is controlled, and based upon, job function and need-to-know criteria, and will maintain proper business continuity and security procedures, including information systems, networks, resources, and business processes. Simacan will comply with other related policies, regulations and laws, including the Dutch and the European privacy policies, and will report any suspected or actual breach of these policies, and will cooperate with investigative agencies. The following detailed policies provide principles and guidance on specific aspects of information security. 1. Simacan's Handbook of Information Security; 2. Simacan's Handbook of Internal Procedures. 5
6 3. Privacy Policy for Employees Simacan values each employee, and so has a commitment to protect the personal information which it handles on behalf of the employee. It is Simacan's policy that: Simacan will collect only that information about employees which is needed and relevant. Simacan will strive to make certain that personal information about employees is kept accurate and up-to-date. Simacan will use appropriate controls to ensure that this information is kept secure, and is only viewed or used by the proper personnel. Information about employees will not be disclosed to any external parties unless appropriate. Employees will be told how they can review information about them, make updates, and report problems. Simacan will comply with applicable laws, regulations, and industry standards when protecting employee information. Simacan holds her employees, vendors, contractors, suppliers, and trading partners to meet this same set of policies. 4. Privacy Policy for Clients It is a part of Simacan s core values that Simacan will properly value and protect any information entrusted to it about its clients. This policy describes how we will safeguard personal and company information, to ensure peace of mind when dealing with Simacan. It is Simacan's policy that: Simacan will collect only that information about clients which is needed and relevant. Simacan will not disclose information to other parties unless customers have been properly notified of such a disclosure. Simacan will strive to make certain that information about customers is kept accurate and up-to-date. Simacan will use appropriate controls to ensure that this information is kept secure, and is only viewed or used by the proper personnel. Simacan will comply with applicable laws, regulations, and industry standards when protecting employee information. Simacan holds its employees, vendors, contractors, suppliers, and trading partners to meet this same set of policies. 6
7 5. Acceptance I have read and understood the Company s security and privacy policies. Date: Place: Signed: 7
8 6. Document Revision History Version number Draft number Date Summary of Changes First version Major draft review in line with the new product-centric business strategy Ready for review Section 2.2 Information Security Objectives 7. Document Review Date of Review Reviewer Felix Faassen Martijn Loot 8. Document Distribution Name Role 9. Document Approval Name Date Signature Rob Schuurbiers Felix Faassen Martijn Loot 8
Template Security and Privacy Policies
Template Security and Privacy Policies Provided by CSPO Tools materials for the security and privacy officer Highlights Pre-written materials ready for you to edit and use in your company. Downloadable
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationINFORMATION SECURITY MANAGEMENT POLICY
INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationGovernance and Management of Information Security
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationCouncil Policy. Records & Information Management
Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant
More informationInformation Security Management System (ISMS) Policy
Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from
More informationINFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security
INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security State Fair Community College shall provide a central administrative system for use in data collection and extraction. Any system user
More informationCITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard
CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information
More informationBusiness Conduct, Compliance and Ethics Program. important
Business Conduct, Compliance and Ethics Program important Table of Contents Letter from Troy Kirchenbauer As healthcare s first online direct contracting market, aptitude is committed to upholding the
More informationThe supplier shall have appropriate policies and procedures in place to ensure compliance with
Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations
More informationKEMIRA CODE OF CONDUCT
KEMIRA CODE OF CONDUCT 1 Code of Conduct outlines the fundamental requirements for how we do business Kemira s business is to provide expertise and tailored combinations of chemicals for water-intensive
More informationBusiness Associate Agreement
Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated
More informationInformation Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
More informationInformation Security Incident Protocol
Information Security Incident Protocol Document Owner Caroline Dodge Tel: 01622-221652 caroline.dodge@kent.gov.uk Version Version 2: July 2013 Contents 1. Protocol Objectives 2. Scope 3. Protocol Statement
More informationPolicy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:
Policy No: TITLE: AP-AA-17.2 Data Classification and Data Security ADMINISTERED BY: Office of Vice President for Academic Affairs PURPOSE EFFECTIVE DATE: CANCELLATION: REVIEW DATE: August 8, 2005 Fall
More informationHope In-Home Care CODE OF CONDUCT AND ETHICS
Hope In-Home Care CODE OF CONDUCT AND ETHICS September 2014 Table of Contents A MESSAGE FROM OUR DIRECTOR... 3 INTRODUCTION TO THE CODE OF CONDUCT AND ETHICS... 4 ELEMENT 1: QUALITY OF CARE... 5 ELEMENT
More informationInformation Classification and. Handling Policy
Information Security Document Information Classification and 1 Version History Version Date Detail Author 1.0 27/06/2013 Approved by Information Governance Jo White Group 2.0 31/07/2013 Approved by Information
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationBUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity
More informationWelcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security
Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The
More informationInformation Security Management System Policy
Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the
More informationCODE OF ETHICS AND BUSINESS CONDUCT
CODE OF ETHICS AND BUSINESS CONDUCT Date of Issue: 22 January 2015 Version number: 2 LUXFER HOLDINGS PLC Code of Ethics and Business Conduct Luxfer Holdings PLC is committed to conducting its business
More informationINFORMATION SECURITY PROCEDURES
INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures
More informationCIS COMPLIANCE PROGRAMME
IFIA CIS COMPLIANCE PROGRAMME 1 INDEX SECTION A : CIS Compliance Principles SECTION B : CIS Compliance Programme 2 SECTION A : CIS Compliance Principles 1. Integrity CIS Commodity Inspection Services is
More informationResponsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationPrivacy Incident and Breach Management Policy
Privacy Incident and Breach Management Policy Privacy Office Document ID: 2480 Version: 2.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationInformation Security Management Systems
Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector
More informationINFORMATION SECURITY POLICY
Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies
More informationEA-ISP-001 Information Security Policy
Technology & Information Services EA-ISP-001 Information Security Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 13/03/2015 Document Security Level: PUBLIC Document Version: 2.41 Document Ref:
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters
When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationOur vision. A company where the best people want to work.
Code of Conduct Our vision A company where the best people want to work. The world leader in chemical distribution, providing unparalleled connectivity between customers and suppliers. 2 Univar s guiding
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").
More informationCorporate Code of Ethics
FERROVIAL CORPORATE CODE OF ETHICS Corporate Code of Ethics Our complete commitment to the ethics and integrity of our workforce highlights us as a serious company committed to its stakeholders interests.
More informationASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES
ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND
More informationGuideline for Roles & Responsibilities in Information Asset Management
ISO 27001 Implementer s Forum Guideline for Roles & Responsibilities in Information Asset Management Document ID ISMS/GL/ 003 Classification Internal Use Only Version Number Initial Owner Issue Date 07-08-2009
More informationHIPAA Privacy Rule Policies
DRAFT - Policies and Procedures PRIVACY OFFICE ASSIGNMENT AND RESPONSIBILITIES APPROVED BY: SUPERCEDES POLICY: Policy #1 ADOPTED: REVISED: REVIEWED: Purpose This policy is designed to assure the establishment
More informationRecords Management Policy & Guidance
Records Management Policy & Guidance COMMERCIALISM Document Control Document Details Author Nigel Spencer Company Name The Crown Estate Department Name Information Services Document Name Records Management
More informationDocument and Record Control Procedures
Information Security Document Document and Record Control Procedures 1 Version History Version Date Detail Author 1.0 30/08/2013 Approved by Information Governance Jo White Group 2.0 27/09/2013 Changes
More informationDRAFT BUSINESS ASSOCIATES AGREEMENT
DRAFT BUSINESS ASSOCIATES AGREEMENT THIS AGREEMENT is made this day of, 20, by and among, a Corporation organized under the laws of the State of (hereinafter known as "Covered Entity") and organized under
More informationInformation Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
More informationInformation Management and Security Policy
Unclassified Policy BG-Policy-03 Contents 1.0 BG Group Policy 3 2.0 Policy rationale 3 3.0 Applicability 3 4.0 Policy implementation 4 Document and version control Version Author Issue date Revision detail
More informationWright State University Information Security
Wright State University Information Security Controls Policy Title: Category: Audience: Reason for Revision: Information Security Framework Information Technology WSU Faculty and Staff N/A Created / Modified
More informationDEPARTMENT OF TAXATION AND FINANCE SECURITY OVER PERSONAL INFORMATION. Report 2007-S-77 OFFICE OF THE NEW YORK STATE COMPTROLLER
Thomas P. DiNapoli COMPTROLLER OFFICE OF THE NEW YORK STATE COMPTROLLER DIVISION OF STATE GOVERNMENT ACCOUNTABILITY Audit Objectives... 2 Audit Results - Summary... 2 Background... 2 Audit Findings...
More informationTitle: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION
Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationDocument Title: System Administrator Policy
Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationMarist College. Information Security Policy
Marist College Information Security Policy February 2005 INTRODUCTION... 3 PURPOSE OF INFORMATION SECURITY POLICY... 3 INFORMATION SECURITY - DEFINITION... 4 APPLICABILITY... 4 ROLES AND RESPONSIBILITIES...
More informationInformation Circular
Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal
More informationGuide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationService Schedule for CLOUD SERVICES
Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this
More informationMEDICAL TRAINEE DATA FORM (This information is required for all medical students)
ALEXANDRA MARINE AND GENERAL HOSPITAL 120 Napier Street, GODERICH, ON N7A 1W5 (519) 524-8689 ext. 5712 Fax: (519) 524-5579 Email: amgh.administration@amgh.ca MEDICAL TRAINEE DATA FORM (This information
More informationAPPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5
PAGE 1 of 5 PURPOSE Triton College s computer and information network is a continually growing and changing resource supporting thousands of users and systems. These resources are vital for the fulfillment
More informationCOUNCIL POLICY R180 RECORDS MANAGEMENT
1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.
More informationEAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationYour Content refers to the information that you wish to transfer using our Services.
Philips Secure Data Transfer Terms of Service th Revised: May 10, 2012 Thank you for using Philips Secure Data Transfer. These terms of service (the Terms ) govern your access to and use of Philips Secure
More informationGROUP POLICY MANUAL CODE OF CONDUCT AND ETHICS POLICY
POLICY NO: 8 (Group) Issued: November 2007 Revision No: 1 GROUP POLICY MANUAL CODE OF CONDUCT AND ETHICS POLICY Original Issued: 22 August, 2003 Effective: November 2007 Date Reviewed: February 2007 By:
More information1. Compliance with Laws, Rules and Regulations
CODE OF BUSINESS CONDUCT - EXAMPLE INTRODUCTION This Code of Business Conduct covers a wide range of business practices and procedures. It does not cover every issue that may arise, but it sets out basic
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationEvergreen Solar, Inc. Code of Business Conduct and Ethics
Evergreen Solar, Inc. Code of Business Conduct and Ethics A MESSAGE FROM THE BOARD At Evergreen Solar, Inc. (the Company or Evergreen Solar ), we believe that conducting business ethically is critical
More informationMacarthur Minerals Limited CODE OF CONDUCT. February 2012
Macarthur Minerals Limited CODE OF CONDUCT February 2012 MACARTHUR MINERALS LIMITED AND ITS SUBSIDIARIES (THE COMPANY OR MACARTHUR ) CODE OF CONDUCT 1. INTRODUCTION 1.1 The Macarthur Mineral Limited (including
More informationInformation security policy
Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current
More informationNATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR. Version 1.0 08/08/05
NATIONAL HEALTHCARE SAFETY NETWORK USER RULES OF BEHAVIOR Version 1.0 08/08/05 VERSION HISTORY Version # Implemented By Revision Date Reason 1.0 James Tolson 08/08/05 Page 2 of 12 TABLE OF CONTENTS 1 INTRODUCTION...
More informationRevised 05/22/14 P a g e 1
Corporate Office 107 W. Franklin Street P.O. Box 638 Elkhart, IN 46515-0638 Phone (574) 294-7511 Fax (574) 522-5213 INTRODUCTION PATRICK INDUSTRIES, INC. CODE OF ETHICS AND BUSINESS CONDUCT As a leader
More informationUNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. Revised as of March 3, 2014
I. Statement of Policy UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS Revised as of March 3, 2014 Universal Insurance Holdings, Inc. ( UIH ) and its subsidiaries (collectively,
More informationPhysical Security Policy Template
Physical Security Policy Template The Free iq Physical Security Policy Generic Template has been designed as a preformatted framework to enable your Practice to produce a Policy that is specific to your
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address
More informationI S O I E C 2 7 0 0 2 2 0 1 3 I N F O R M A T I O N S E C U R I T Y A U D I T T O O L
7.1 EMPHASIZE SECURITY PRIOR TO EMPLOYMENT 7.1.1 VERIFY THE BACKGROUNDS OF ALL NEW PERSONNEL Do you check the backgrounds of all candidates for employment? Do you make sure that background verifications
More informationPersonal Health Information Privacy Policy
Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationHealth Care Provider Guide
Health Care Provider Guide Diagnostic Imaging Common Service Project, Release 1 Version: 1.4 Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document may be reproduced
More informationINFORMATION TECHNOLOGY POLICY
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of : DPW Information Security and Privacy Policies Domain: Security Date Issued: 05/09/2011 Date Revised: 11/07/2013
More informationCode of Business Conduct and Ethics. With Special Message for Senior Business and Finance Leaders
Code of Business Conduct and Ethics With Special Message for Senior Business and Finance Leaders Index Letter from our Chairman & CEO and from our President Annual Letter to Senior Leaders Introduction
More informationOffice of Security Management (213) 974-7926
PREPARED BY OCCUPATIONAL HEALTH PROGRAMS CHIEF EXECUTIVE OFFICE RISK MANAGEMENT BRANCH October 2007 Section Page STATEMENT OF PURPOSE...3 Psychiatric Emergencies AUTHORITY & CIVIL SERVICE RULES... 4 Application
More informationIs it Time to Trust the Cloud? Unpacking the Notorious Nine
Is it Time to Trust the Cloud? Unpacking the Notorious Nine Jonathan C. Trull, CISO, Qualys Cloud Security Alliance Agenda Cloud Security Model Background on the Notorious Nine Unpacking the Notorious
More informationCOMMERCIALISM INTEGRITY STEWARDSHIP. Security Breach and Weakness Policy & Guidance
Security Breach and Weakness Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Security Breach & Weakness
More informationThe Manitoba Child Care Association PRIVACY POLICY
The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information
More informationUTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter
Pennsylvania State System of Higher Education California University of Pennsylvania UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter Version [1.0] 1/29/2013 Revision History
More informationNSW Government Digital Information Security Policy
NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More information